noCors middleware does not work if send cookies from other origin #63
Labels
bug
Something isn't working
Comments
|
The team was wondering whether to automate Cors when users send a request with credentials using fetch or xhr We decided after all that this is the responsibility of the user. Users must resolve security issues independently fetch('http://localhost:31299/users', {method: 'POST', credentials: 'include', headers: { test: 'test' } })We could substitute all the necessary origin and headers ourselves to solve this problem, but there is a chance that the mock is used not only for the dev environment If you need credentials in your request, you should fill cors data in config or use server to server channel |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If try to send cookies from other origin (other port on localhost for example) CORS error occurs.
This happens because we use
*for requests with credentials, but wildcard for such requests is not allowed. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-HeadersThe text was updated successfully, but these errors were encountered: